[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 373
  • Last Modified:

Anonymous Access - Is it safe?

I'm involved in a debate over the safety of allowing internal anonymous (read only) access to a SharePoint 2010 (Enterprise) WCM site.

They have 2 main SharePoint areas, one WCM and the other Collaboration. SharePoint is only accessible within the company network. Authentication is NTLM against 3 trusted domains. Due to corporate aquisitions there are a few hundred employees currently on non-trusted domains.

It's been proposed that we enable anonymous access on the WCM site so all employees can see company announcements. However there's a big push-back against this for 'security reasons'. Nothing specific, just a feeling that opening access somehow opens the collaboration site and other data to attack.

(I will also mention, Federated Services has been considered as an alternative access method for our extra users, but the hardware and configuration requirements are very tight for our timescales.)

Considering that access is only possible from within the company network, there is intrusion detection software configured on all requests to SharePoint, access is read only etc, am I missing something? Should anonymous access to non-sensitive data (admittedly in the same farm as sensitive data) be of major concern to anyone?
0
Jamie McAllister MVP
Asked:
Jamie McAllister MVP
  • 4
  • 2
1 Solution
 
Walter CurtisSharePoint AEDCommented:
Anonymous access is very useful in the situation your describe. The biggest danger is human error. If for example some creates a site collection that inherits the anonymous access and it is not explicit disabled, then data could be exposed. Consider creating an additional web application where anonymous access is enable and have all other data in a web app that has anonymous disabled and you lower the risk of an error. I have done that on several occasions and it has worked well.

Hope that helps
0
 
Pramod UbheCommented:
I would suggest to configure access for Authenticated users instead of Anonymous. if not, there are certain groups like domain users which you can use where all the users from domain are member of that group, you can configure access for this group in each domain as a work around.
0
 
Jamie McAllister MVPArchitectAuthor Commented:
Can anyone tell me an absolute show-stopper for Anonymous access within our network?

Or alternatively an absolute assurance that Anonymous is fine in the scenario I described?

At the moment I need to feed into the decision for a go/no go on anonymous access.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Pramod UbheCommented:
It is fine but your security team may not approve or might be an issue in audits.
0
 
Jamie McAllister MVPArchitectAuthor Commented:
What specific grounds might they not approve on if it is safe?
0
 
Jamie McAllister MVPArchitectAuthor Commented:
Spencer Harbar was kind enough to provide some input to this debate on a private forum. I can't cross post the text in full but a summary of the advice is this;

Such content should always be authenticated. Factors such as the content being on the Internal Network, or having IDS in place do not influence the risk management. Having ACL in place would significantly reduce the risk of outages from malicious intent.

Suggested approach is creating accounts for all users, opening up the WCM site to All Authenticated Users if necessary, but always having ACL in place.

Thanks for your input on the question.
0
 
Jamie McAllister MVPArchitectAuthor Commented:
Spencer Harbar advised against Anonymous Access.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now